otman-ai

tiktok-carousel

by Otman Heddouch · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
558 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install tikto-automation
Description
Generates a 6-slide TikTok carousel with images and text, creates a draft post via Postiz API, and outputs a caption for review and publishing.
Usage Guidance
This skill's code appears to do what it claims (generate images/captions and optionally upload drafts to Postiz), but the registry metadata fails to declare the required env vars (OPENAI_API_KEY and POSTIZ_API_KEY), an inconsistency you should address before installing. Before use:
  1. Verify the skill's provenance: ask the publisher for a homepage or repo and confirm you trust it.
  2. Confirm the Postiz service (api.postiz.com) is legitimate and review its API docs; if uncertain, do not provide your production POSTIZ_API_KEY.
  3. Use limited-scope or temporary API keys and avoid reusing high-privilege keys.
  4. Run first in an isolated environment (VM/container) and monitor outbound network requests (or run under a local HTTP proxy) to observe what endpoints are contacted.
  5. If you won't use Postiz, remove/disable postiz_api_integration.py or avoid running scripts/upload.py.
  6. Request that the registry entry be updated to list OpenAI and Postiz credentials explicitly and provide a homepage/source for auditing; that would raise confidence from suspicious to benign.
Capability Analysis
Type: OpenClaw Skill
Name: tikto-automation
Version: 1.0.0

The skill bundle is designed to generate images and upload them to an external service (Postiz), which requires file system and network access. While its core functionality aligns with the description, the `postiz_api_integration.py` and `scripts/upload.py` modules accept arbitrary file paths for upload, and `tiktok_content_gen.py` accepts arbitrary paths for local file writes. If an AI agent were to call these scripts with unsanitized user input, it could lead to arbitrary file upload or local file write vulnerabilities, allowing an attacker to potentially exfiltrate arbitrary files or overwrite system files. There is no clear evidence of intentional malicious behavior (e.g., hardcoded exfiltration of sensitive files, backdoors, or explicit prompt injection against the agent to perform harmful actions), but the broad file access capabilities without explicit input sanitization make it suspicious.
Capability Assessment
Purpose & Capability
The skill's code implements exactly what the description says: generates images/captions and can upload media/create a TikTok draft via a Postiz client. However, the package registry metadata declares no required environment variables or primary credential, while the SKILL.md and code clearly require OPENAI_API_KEY to generate images (optional placeholder fallback) and POSTIZ_API_KEY (and optionally POSTIZ_API_URL) to upload/create drafts. That metadata omission is inconsistent with the declared purpose.
Instruction Scope
SKILL.md gives narrow, specific instructions (create venv, pip install -r requirements.txt, set OPENAI_API_KEY and POSTIZ_API_KEY, run scripts). The runtime code only reads those environment variables and operates on files in the images output folder. It does not attempt to read unrelated system files, credentials, or broad system state, nor does it send data to endpoints other than OpenAI (image generation) and Postiz (upload/default URL).
Install Mechanism
There is no install script that downloads arbitrary archives — the skill is delivered as Python source plus requirements.txt. Dependencies are standard (openai, requests, Pillow). No remote extract/install URLs or obscure package sources are used. This is lower risk than a remote binary download, but installing Python packages still pulls third-party code from PyPI.
Credentials
The code legitimately uses OPENAI_API_KEY and POSTIZ_API_KEY (and POSTIZ_API_URL). Requiring those API keys is proportionate to the stated tasks, but the registry metadata lists no required env vars or primary credential — an incoherence that could confuse users or hide the need to supply secrets. Also, POSTIZ_API_URL defaults to https://api.postiz.com/v1; the Postiz service and domain are not documented in the skill metadata, and the source/homepage is unknown, so you should verify the target API's trustworthiness before providing keys.
Persistence & Privilege
The skill does not request persistent or elevated privileges. 'always' is false, autonomous invocation is allowed (platform default), and the code does not modify other skills, system-wide agent settings, or write to global configs. It only writes generated images and a caption into the local output directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install tikto-automation
  3. After installation, invoke the skill by name or use /tikto-automation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the TikTok Carousel Generation Skill for automating the creation of 6-slide TikTok carousel posts.
- Generates portrait images with text overlays, a draft TikTok post (via Postiz API), and a ready-to-review caption.
- Supports input customization: topic/persona, slide count, style hints, and optional seeds.
- Includes Python scripts for content generation and draft uploading.
- Emphasizes security (API keys via environment variables) and cost-effectiveness (batching, low-res options).
- Refer to included README.md for setup and usage instructions.
Metadata
Slug tikto-automation
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is tiktok-carousel?

Generates a 6-slide TikTok carousel with images and text, creates a draft post via Postiz API, and outputs a caption for review and publishing. It is an AI Agent Skill for Claude Code / OpenClaw, with 558 downloads so far.

How do I install tiktok-carousel?

Run "/install tikto-automation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is tiktok-carousel free?

Yes, tiktok-carousel is completely free (open-source). You can download, install and use it at no cost.

Which platforms does tiktok-carousel support?

tiktok-carousel is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created tiktok-carousel?

It is built and maintained by Otman Heddouch (@otman-ai); the current version is v1.0.0.
